Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-19647PUBLISHED: 2019-12-09radare2 through 4.0.0 lacks validation of the content variable in the function r_asm_pseudo_incbin at libr/asm/asm.c, ultimately leading to an arbitrary write. This allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted input.
CVE-2019-19648PUBLISHED: 2019-12-09In the macho_parse_file functionality in macho/macho.c of YARA 3.11.0, command_size may be inconsistent with the real size. A specially crafted MachO file can cause an out-of-bounds memory access, resulting in Denial of Service (application crash) or potential code execution.
CVE-2019-19642PUBLISHED: 2019-12-08
On SuperMicro X8STi-F motherboards with IPMI firmware 2.06 and BIOS 02.68, the Virtual Media feature allows OS Command Injection by authenticated attackers who can send HTTP requests to the IPMI IP address. This requires a POST to /rpc/setvmdrive.asp with shell metacharacters in ShareHost or ShareNa...
CVE-2019-19637PUBLISHED: 2019-12-08An issue was discovered in libsixel 1.8.2. There is an integer overflow in the function sixel_decode_raw_impl at fromsixel.c.
CVE-2019-19638PUBLISHED: 2019-12-08An issue was discovered in libsixel 1.8.2. There is a heap-based buffer overflow in the function load_pnm at frompnm.c, due to an integer overflow.
User Rank: Apprentice
3/14/2014 | 11:16:26 AM
However, all of this presents new types of targets. So, we have a few scenarios here...
There are a number of different types of cloud-based attacks that can and do happen. These include port attacks, DDoS, application-specific threats, database attacks and much more.
So the answer really depends on the attack and who it's against. Let's look at this example - According to a recent Arbor Networks report, DDoS attacks originally targeted Spamhaus on 16th March, 2013. Spamhaus engaged the services of CloudFlare (http://blog.cloudflare.com/) who were able to mitigate the initial attacks successfully. The attacks then escalated between 19th and 21st March exhausting the capabilities of CloudFlare. The report goes on to say that the attacks also moved on to target next-hop addresses at IX's around the world (AMS-IX, DEC-IC, HK-IX, Equinix and LINX) causing congestion and a perceived Internet slow down in some geographies. ISPs around the world have worked to deploy filters to mitigate the impact of the attacks.
In this case, it was a scramble to halt this type of congestion and attack.
In other cases, very specific attacks may target a service or an application. During this attack a malicious piece of software or user continue to run and operate on the system. In these cases you still need to isolate the application or data point to identify and quantify the ramifications of the attack. If it's a VM, snapshotting it will allow you to see present-state metrics around the attack. Of course, governance and compliance play a big role as well.
Basically, there will be cases where a security professional will want to regain control, monitor, and remediate a potential attack.